this post was submitted on 22 Jun 2024
6 points (100.0% liked)

Firefox

17700 readers
257 users here now

A place to discuss the news and latest developments on the open-source browser Firefox

founded 4 years ago
MODERATORS
k_o_t@lemmy.ml
6
Mozilla: Help us uncover Firefox 3rd party installers (discourse.mozilla.org)
submitted 3 months ago by TheTwelveYearOld@lemmy.world to c/firefox@lemmy.ml
6 comments fedilink hide all child comments
 

From the post:

In 2023, a significant portion of Firefox downloads came from unknown sources. We believe many of them came from 3rd party websites that let you download Firefox. While some websites are okay, others can put you at risk of downloading an old version or a build with the wrong locale, leading to security risks, a bad user experience, or even malicious installations.

Help the Firefox team to uncover this mystery by taking part in the Firefox 3rd-party installer campaign 3!

There will be swag, and you’ll be featured in our blog if you manage to report 10 valid reports. So don’t forget to invite your friends too!

Have any questions about this campaign? Join us on Matrix or watch the recording of our community call with Romain Testard, Principal Product Manager at Mozilla.

Please also help spread the word about this campaign by sharing this on your social media.

Keep on rocking the helpful web,

Kiki & Konstantina

top 6 comments
sorted by: hot top controversial new old
[–] Cyberjin@lemmy.world 1 points 3 months ago

I remember that Firefox had unique identifiers when downloading from the website. https://www.ghacks.net/2022/03/17/each-firefox-download-has-a-unique-identifier/ So that's probably how they are tracking everything.

For me I use repos like winget or chocolatey And I guess there are tons of options on Linux.

[–] boredsquirrel@slrpnk.net 1 points 3 months ago* (last edited 3 months ago) (1 children)

I wonder of they think of all the Linux installs from the various repos. These are nearly all unmodified and will send data to Mozilla, containing an "unknown" install origin.

  • distro repos
  • flathub
  • fedora flatpaks
  • snap store

These may still pull stuff, not per user but per distro.

[–] umbrella@lemmy.ml 2 points 3 months ago (1 children)

flatpaks and snaps are official now iirc

[–] boredsquirrel@slrpnk.net 1 points 3 months ago

Yes but I wonder if they already know these origins.

Afaik they determine "installations" not via downloads from their servers, but started FF apps. All have some unique ID stuff and send that to Mozilla

[–] possiblylinux127@lemmy.zip 0 points 3 months ago (1 children)

"We just need to protect our intellectual property"

Obviously harmful versions of Firefox that do not release the source code are bad but there are probably soft forks.

[–] sugar_in_your_tea@sh.itjust.works 2 points 3 months ago

This isn't about forks, it's about installers that pull directly from Mozilla's servers. This could be installers that bundle malware/adware with it.

If you fork it, you'll be building the source and distributing it yourself. This isn't about that.